Firewall Wizards mailing list archives

Re: How to Secure Windows? was How to Save the World


From: "Dave Piscitello" <dave () corecom com>
Date: Mon, 20 Dec 2004 09:19:07 -0500

If you want a cheat sheet - or a template on which to baseline what 
your organization ultimately decides is its security policy - then 
visit the Center for Internet Security (cisecurity.org), download the 
security benchmarking tool and the dozen or so templates, and RTFM that 
accompanies it. 

Basically, using Active Directory and group policy object definition, 
you can lock down W2K or XP very nicely based on these templates, 
including services, file system, local administration, IE settings, 
auditing/event logging and more. You can also develop policy for 
locking down internet-facing servers on Win2000 and W2k3. If you're 
not running AD, you can apply the same template as a local security 
policy using secpol.msc or create a Group template and apply it to 
individual systems using the group policy msc.

If you want the 1000-word abstract versions, visit my Windows 2000 
resources page at http://hhi.corecom.com/windowsxpresources.htm

FWIW, I use the NSA gold template on a Windows 2000 laptop, locked 
down everything recommended and tried like hell to break into the box 
with no success (perhaps more an indication of my pen-testing 
limitations and the power of a paranoid security policy than Windows 
security, but...)

On 13 Dec 2004 at 11:42, MHawkins () TULLIB COM wrote:

All I want to do is have a standard cheat sheet to lock down the
machine so that all those exe's that I don't want to run - CAN'T - and
all those exe's that I do want to let run - CAN - but only under their
own account and only in their own volume space! Is that too much to
ask?


